Episode 025: 25‐06‐2024 Empowering Authorization Through Data - GluuFederation/identerati-office-hours GitHub Wiki
Title: Empowering Authorization Through Data
- Host: Mike Schwartz, Founder/CEO Gluu
- Guest: Eric Anderson, Identity Alchemist
- Co-Host: Dr. Rogério Rondini, Senior Manager Digital Identity at PwC Cybersecurity Forensics & Privacy
Authorization decisions are only as good as the data used to make them. An identity data fabric, identity data lake, or master user record pulls data from many sources and, for each data element, prioritizes the source ranked as most authoritative for that element. The enterprise then has a single, intuitive location to go for the data associated with any enterprise "belly button".
Enterprises have many data silos that contain information about a person. Each data source may be authoritative for certain user claims. It's desirable for enterprises to create a "master data record" for a person that joins data from these disparate silos, prioritizing data from authoritative sources, eliminating duplicate accounts, and "cleaning" (or transforming) data as necessary.
Radiant Logic is an enterprise tool that accomplishes this using very productive tools to create a common schema defining the authoritative sources, and to implement synchronization rules to keep the data current. The result is a virtualized view of identity data across the enterprise that can provide accurate information about users to IDM, IAM and IGA infrastructure. How to do this without Radiant Logic is unclear; it probably involves writing a custom, purpose-built solution.
Even with new modes of authn and authz (for example, sending user claims in a JWT versus publishing user claims in LDAP), having a master user record can improve the quality of authorization decisions by providing the right information at the right time.
It may be easier to create a virtualized view of identity data, cleaned and de-duplicated, than it is to convince data owners to fix their data. Or it may simply not be possible for the data sources to normalize their own data. Many enterprises can benefit from this approach, and having a single view of a user entity can drive down costs for IDM, IAM and IGA infrastructure deployments.
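As an added example (not code from the episode or from Radiant Logic), the following Python sketch implements the per-attribute authoritative ranking, duplicate-account collapsing and cleaning described above over constructed sample silos; the silo names, attribute names and the employee_id join key are assumptions. It also records which silo won each claim, so an authorization decision made on the master record can be traced back to its source.

```python
# Constructed sample records from three hypothetical silos (not real data),
# keyed by employee_id, which this example assumes is the enterprise join key.
SILOS = {
    "hr": [{"employee_id": "1001", "email": "Alice.Smith@Example.com", "department": "Finance", "title": "Analyst"},
           {"employee_id": "1002", "email": "bob@example.com", "department": "IT", "title": "Engineer"}],
    "ad": [{"employee_id": "1001", "email": "asmith@example.com", "department": "Fin", "manager": "1003"},
           {"employee_id": "1001", "email": "", "department": "Finance", "manager": ""}],  # duplicate AD account
    "crm": [{"employee_id": "1002", "email": "BOB@example.com", "phone": "+1 555 0100"}],
}
# Authoritative ranking per data element: the first listed silo with a non-empty value wins.
AUTHORITY = {"email": ["ad", "hr", "crm"], "department": ["hr", "ad"],
             "title": ["hr"], "manager": ["ad", "hr"], "phone": ["crm", "hr"]}
# Cleaning rules applied before a value enters the master record.
CLEANERS = {"email": lambda v: v.strip().lower(), "phone": lambda v: v.replace(" ", "")}

def index_silo(records):
    """Group one silo by employee_id and collapse duplicate accounts:
    the first non-empty value seen for each attribute is kept."""
    by_id = {}
    for rec in records:
        merged = by_id.setdefault(rec["employee_id"], {})
        for attr, value in rec.items():
            if value and attr not in merged:
                merged[attr] = value
    return by_id

def build_master_records(silos=SILOS, authority=AUTHORITY, cleaners=CLEANERS):
    """Return {employee_id: {"claims": {...}, "provenance": {attr: winning silo}}}.
    Provenance is kept so an authorization decision can be audited back to its source."""
    indexed = {name: index_silo(recs) for name, recs in silos.items()}
    master = {}
    for uid in sorted({uid for silo in indexed.values() for uid in silo}):
        claims, provenance = {}, {}
        for attr, ranking in authority.items():
            for silo in ranking:
                raw = indexed[silo].get(uid, {}).get(attr)
                if raw:  # skip empty values so a lower-ranked silo can fill the gap
                    claims[attr] = cleaners.get(attr, lambda v: v)(raw)
                    provenance[attr] = silo
                    break
        master[uid] = {"claims": claims, "provenance": provenance}
    return master

if __name__ == "__main__":
    for uid, rec in build_master_records().items():
        print(uid, rec["claims"], rec["provenance"])
```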
(Diagram Mike showed in the episode)